Stefan Metzmacher [Wed, 23 Apr 2014 12:45:45 +0000 (14:45 +0200)]
s3:rpc_client: Use gensec for NCALRPC_AS_SYSTEM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Thu, 17 Apr 2014 10:02:45 +0000 (12:02 +0200)]
s3-auth: Register ncalrpc_as_system gensec module.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 16 Apr 2014 13:21:40 +0000 (15:21 +0200)]
gensec: add DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM backend
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 11:07:15 +0000 (13:07 +0200)]
s3:rpc_server: pass everything but AUTH_TYPE_{NONE,NCALRPC_AS_SYSTEM} to gensec
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 23 Apr 2014 08:42:12 +0000 (10:42 +0200)]
s3-rpc_server: Call pipe_auth_verify_final() if needed.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 23 Apr 2014 08:40:27 +0000 (10:40 +0200)]
s3-rpc_server: Return the status code from gensec.
We need to know the difference between NT_STATUS_OK
and NT_STATUS_MORE_PROCESSING_REQUIRED.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 11:02:35 +0000 (13:02 +0200)]
s3:rpc_server: let auth_generic_server_step() handle gensec_security == NULL
This simplifies the caller, we don't need to look at the auth_type anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 16:13:04 +0000 (18:13 +0200)]
s3:rpc_server: make sure we have a unix token
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 11:01:00 +0000 (13:01 +0200)]
s3:rpc_server: handle everything but AUTH_TYPE_NONE as gensec in verify_final
The NCALRPC_AS_SYSTEM doesn't use pipe_auth_verify_final() yet,
so it's fine for now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 12:35:15 +0000 (14:35 +0200)]
s3:rpc_client: pass everything to gensec by default
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 16:59:52 +0000 (18:59 +0200)]
auth/gensec: use auth_ctx->generate_session_info() for schannel
This way we generate a correct session info for the s3 rpc_server,
including a unix token.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 17:00:26 +0000 (19:00 +0200)]
s3:auth: allow special SYSTEM and ANONYMOUS handling in auth3_generate_session_info()
auth_ctx->generate_session_info() will be used by the SCHANNEL and
NCALRPC_AS_SYSTEM gensec modules in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Tue, 22 Apr 2014 23:07:18 +0000 (16:07 -0700)]
s3: torture - Fix racy assumption in original messaging test.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 24 00:50:55 CEST 2014 on sn-devel-104
Jeremy Allison [Tue, 22 Apr 2014 22:55:53 +0000 (15:55 -0700)]
s3: torture - Add required talloc frame for msgtest.c
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Jeremy Allison [Fri, 18 Apr 2014 22:09:28 +0000 (15:09 -0700)]
s3: winbindd: Call dgram cleanup init background setup.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Fri, 18 Apr 2014 22:08:19 +0000 (15:08 -0700)]
s3: nmbd: Call dgram cleanup init background setup.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Fri, 18 Apr 2014 22:06:05 +0000 (15:06 -0700)]
s3: smbd: Call dgram cleanup init background setup.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 11:08:56 +0000 (11:08 +0000)]
s3: messaging: Add infrastructure to clean up orphaned sockets every 15 minutes as a background task.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 18 Apr 2014 21:47:39 +0000 (14:47 -0700)]
s3 : build system : Move lib/background.c from smbd_base to samba3core.
Allows background jobs to be run from winbindd and nmbd.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 11:07:10 +0000 (11:07 +0000)]
smbd: Call the msg_ctx destructor for background jobs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 10 Apr 2014 20:09:04 +0000 (22:09 +0200)]
smbcontrol: Add dgm-cleanup command
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 10 Apr 2014 20:07:11 +0000 (22:07 +0200)]
messaging_dgm: Add messaging_dgm_wipe
This walks all sockets and wipes the left-overs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 07:13:10 +0000 (09:13 +0200)]
smbd: Always clean up the child's msg_ctx
This is a bit lazy programming, we could and possibly should do this in
exit_server() in the child. But this way we make sure the cleanup works. If it
only was executed for unclean exits, we might not detect failure of this code
in the parent.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 07:12:46 +0000 (09:12 +0200)]
smbcontrol: Clean up the msg_ctx
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 07:09:49 +0000 (09:09 +0200)]
printing_cups: Call the msg_ctx destructor on exit
With the new messaging, if we don't do this, we'll leave sockets around. I'm
sure we will not catch everything, so a periodic cleanup will be required.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 4 Apr 2014 19:12:06 +0000 (21:12 +0200)]
smbd: Sort notify events by timestamp
This will fix the raw.notify test with the new messaging system. With the new
messaging system messages come in via yet another fd that has to line up in
poll next to the incoming client TCP socket. With the signal-based messaging
messages were always handled before client requests. The new scheme means that
notify messages might be deferred a bit (something which can happen in a
cluster already now), which then means that notify_marshall_changes() will
coalesce entries, which in turn makes raw.notify unhappy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 4 Apr 2014 19:01:01 +0000 (21:01 +0200)]
smbd: Pass on a timestamp in MSG_PVFS_NOTIFY
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 25 Feb 2014 12:15:58 +0000 (12:15 +0000)]
messaging3: Add messaging_send_iov
This uses a copy, will be replaced by a direct iovec call through to
sendmsg on the unix domain socket
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 2 Mar 2014 18:33:08 +0000 (19:33 +0100)]
lib: Add iov_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 2 Mar 2014 17:34:53 +0000 (18:34 +0100)]
lib: Introduce iov_buflen
.. with overflow protection
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 4 Apr 2014 15:11:51 +0000 (15:11 +0000)]
smbd: Pass timespec_current through the notify_callback
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 4 Apr 2014 15:03:44 +0000 (15:03 +0000)]
smbd: Pass timespec_current to notify_fsp
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 4 Apr 2014 15:00:16 +0000 (15:00 +0000)]
smbd: Add a timestamp to queued notify events
In a cluster and with changed messaging it can happen that messages are
scheduled after new SMB requests. This re-ordering breaks a few notify tests.
This starts the infrastructure to add timestamps to notify events, so that they
can be sorted before they are sent out. The timestamp will be the current local
time of notify_fname, that's all we can do.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Feb 2014 13:20:16 +0000 (13:20 +0000)]
lib: Remove messages_local
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Feb 2014 12:23:49 +0000 (12:23 +0000)]
lib: Add messaging_dgm
Messaging based on unix domain datagram sockets
This makes every process participating in messaging bind on a unix domain
datagram socket, similar to the source4 based messaging. The details are a bit
different though:
Retry after EWOULDBLOCK is done with a blocking thread, not by polling. This
was the only way I could in experiments avoid a thundering herd or high load
under Linux in extreme overload situations like many thousands of processes
sending to one blocked process. If there are better ideas to do this in a
simple way, I'm more than happy to remove the pthreadpool dependency again.
There is only one socket per process, not per task. I don't think that per-task
sockets are really necessary, we can do filtering in user space. The message
contains the destination server_id, which contains the destination task_id. I
think we can rebase the source4 based imessaging on top of this, allowing
multiple imessaging contexts on top of one messaging_context. I had planned to
do this conversion before this goes in, but Jeremy convinced me that this has
value in itself :-)
Per socket we also create a fcntl-based lockfile to allow race-free cleanup of
orphaned sockets. This lockfile contains the unique_id, which in the future
will make the server_id.tdb obsolete.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 29 Dec 2013 12:56:44 +0000 (13:56 +0100)]
lib: Move full_path_tos to util_str.c
This can be useful elsewhere
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Feb 2014 11:48:16 +0000 (11:48 +0000)]
lib: Add unix_msg
This is a messaging layer based on unix domain datagram sockets.
Sending to an idle socket is just one single nonblocking sendmsg call. If the
recv queue is full, we start a background thread to do a blocking call. The
source4 based imessaging uses a polling fallback. In a situation where
thousands of senders beat one single blocked socket, this will generate load on
the system due to the constant polling. This does not happen with a threaded
blocking send call.
The threaded approach has another advantage: We save become_root() calls on the
retries. The access checks are done when the blocking socket is connected, the
threaded blocking send call does not check permissions anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Feb 2014 11:43:51 +0000 (11:43 +0000)]
lib: Add poll_funcs
This is an abstraction for a tevent loop. It will be used in low-level
messaging with the goal to make low-leve our low-level messaging routines
usable also for other projects which are not based on tevent.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Amitay Isaacs [Tue, 22 Apr 2014 05:24:49 +0000 (15:24 +1000)]
ctdb-recoverd: Detach database from recovery daemon
As part of vacuuming, recoverd attaches to databases to migrate records.
When detaching a database from main daemon, it should be removed from
recovery daemon also.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Apr 23 17:05:45 CEST 2014 on sn-devel-104
Amitay Isaacs [Tue, 22 Apr 2014 02:19:08 +0000 (12:19 +1000)]
ctdb-tests: Add test for re-attaching detached database
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Amitay Isaacs [Wed, 23 Apr 2014 01:44:20 +0000 (11:44 +1000)]
ctdb-tools/ctdb: Unlock records before closing tdb database
Now freeing ctdb_db context will close the tdb database. So make sure
all the locks are released (by freeing record handles or memory context
from which record handles are allocated) before freeing ctdb_db context.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Amitay Isaacs [Tue, 22 Apr 2014 05:07:33 +0000 (15:07 +1000)]
ctdb-client: Talloc tdb_wrap off ctdb_db_context
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Amitay Isaacs [Sun, 20 Apr 2014 10:52:03 +0000 (20:52 +1000)]
ctdb-daemon: Talloc tdb_wrap off ctdb_db_context
This will ensure that when ctdb_db is freed, it will close the tdb
database.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Martin Schwenke [Tue, 15 Apr 2014 03:53:09 +0000 (13:53 +1000)]
ctdb-tests: Update "ctdb detach" test
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
Amitay Isaacs [Tue, 15 Apr 2014 02:27:44 +0000 (12:27 +1000)]
ctdb-tools/ctdb: Detach databases only if all nodes disallow client access
This makes sure that AllowClientDBAttach is set to 0 before detaching any
databases.
If someone enables the tunable between checking of tunable and actual
detaching of databases, then they deserve what they get. :-)
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Amitay Isaacs [Tue, 15 Apr 2014 02:23:42 +0000 (12:23 +1000)]
ctdb-daemon: Do not allow database detach if AllowClientDBAttach=1
This avoids the server detaching a database if clients are allowed to
connect to databases.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Alexander Bokovoy [Wed, 26 Mar 2014 10:30:30 +0000 (12:30 +0200)]
ad-dc: use exit_daemon() to communicate status of startup to systemd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 23 04:44:46 CEST 2014 on sn-devel-104
Alexander Bokovoy [Wed, 26 Mar 2014 09:45:21 +0000 (11:45 +0200)]
winbindd: use exit_daemon() to pass startup status to systemd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Alexander Bokovoy [Wed, 26 Mar 2014 09:34:56 +0000 (11:34 +0200)]
nmbd: use exit_daemon() to report status to systemd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Alexander Bokovoy [Wed, 26 Mar 2014 08:56:12 +0000 (10:56 +0200)]
smbd: use exit_daemon() to support reporting to systemd from smbd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Alexander Bokovoy [Tue, 25 Mar 2014 10:53:04 +0000 (12:53 +0200)]
add systemd integration
Add --with-systemd / --without-systemd options to check whether
libsystemd-daemon library is available and use it to report service
startup status to systemd for smbd/winbindd/nmbd and AD DC.
The problem it solves is correct reporting of the Samba services
at the point when they are ready to serve clients, important for
high availability software integration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Adam [Tue, 22 Apr 2014 20:32:14 +0000 (22:32 +0200)]
s3:smbd: fix typo in comment for set_conn_force_user_group()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Wed Apr 23 01:49:09 CEST 2014 on sn-devel-104
Kamen Mazdrashki [Mon, 21 Apr 2014 15:51:09 +0000 (17:51 +0200)]
s4:samba_kcc: Use 'dburl' passed from command line rather than lp.samdb_url()
This patch makes '-H, --URL' param to actually work as expected
Change-Id: Ie7f4e9e3fc1f79a938473312e200f36de6886596
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Kamen Mazdrashki [Mon, 21 Apr 2014 15:39:21 +0000 (17:39 +0200)]
s4:kcc_util: fix loading connection transport object - used to refer to not defined object
Change-Id: If8dc8e8db85f1a882ec73dc83d28fa1b5156de84
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Kamen Mazdrashki [Mon, 21 Apr 2014 15:36:58 +0000 (17:36 +0200)]
s4:samba_kcc: fix reference to DSA object while building partial replica list
Change-Id: I33209dfd42d8c3af8d80b862ba0022d15385311b
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Kamen Mazdrashki [Mon, 21 Apr 2014 15:32:36 +0000 (17:32 +0200)]
s4:samba_kcc: Fix error handling opening export ldif file
Change-Id: If52440272513ef244e33481476da0e884969153c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Kamen Mazdrashki [Mon, 21 Apr 2014 12:43:51 +0000 (14:43 +0200)]
s4:kcc_utils: Propagate 'samdb' into load_connection_transport() method
so it is actually able to make samdb.search-es
Change-Id: I8491fd215710a53fbb41d607381f89afb5267464
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Kamen Mazdrashki [Mon, 21 Apr 2014 12:32:48 +0000 (14:32 +0200)]
s4:KCC: Use dsdb.DS_DOMAIN_FUNCTION_2008 constant for DS-Behavior comparisons
DS_BEHAVIOR_WIN2008 was used so far which is a leftover from previous
KCC implementation in "C"
Change-Id: Id9b6551073c0b17cc27e086faa315b01305f39a5
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Kamen Mazdrashki [Mon, 21 Apr 2014 01:47:40 +0000 (03:47 +0200)]
samba-tool/upgrade: Fix exception thrown during upgrade from samba3
Change-Id: Ib486c0c7a68c53c61acdf270f966a43b1c61bace
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Jeremy Allison [Mon, 21 Apr 2014 20:58:49 +0000 (13:58 -0700)]
s3: srvsvc pipe - We should return WERR_BADFILE in _srvsvc_NetShareAdd if the path does not exist.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: David Disseldorp <ddiss@suse.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 22 22:19:18 CEST 2014 on sn-devel-104
Christof Schmitt [Thu, 17 Apr 2014 20:43:53 +0000 (13:43 -0700)]
vfs_gpfs: Avoid warnings in developer build
Remove an unused variable and use discard_const_p.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 18 22:25:25 CEST 2014 on sn-devel-104
Andrew Bartlett [Thu, 27 Mar 2014 21:56:02 +0000 (10:56 +1300)]
s4-auth: Make the auth_winbind_wbclient use more correct code now in auth/wbc_auth_util.c
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Thu, 27 Mar 2014 21:41:46 +0000 (10:41 +1300)]
auth: Move wbcAuthUserInfo_to_netr_SamInfo3 to the top level
This allows auth_winbind in source4 to use this more correct conversion routine.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Wed, 16 Apr 2014 14:07:14 +0000 (16:07 +0200)]
s3-libads: allow ads_try_connect() to re-use a resolved ip address.
Pass down a struct sockaddr_storage to ads_try_connect.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
Andreas Schneider [Thu, 13 Feb 2014 14:55:30 +0000 (15:55 +0100)]
lib: Remove socket wrapper python module.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 17 17:12:50 CEST 2014 on sn-devel-104
Andreas Schneider [Fri, 5 Jul 2013 10:07:49 +0000 (12:07 +0200)]
dns.py: Use the python socket module.
We preload socket_wrapper, no need to use the special module.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 13 Feb 2014 14:49:27 +0000 (15:49 +0100)]
selftest: Preload socket_wrapper.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 7 Apr 2014 14:12:21 +0000 (16:12 +0200)]
lib: Change socket_wrapper to preloadable version.
This imports socket_wrapper 1.0.1.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 7 Apr 2014 14:09:00 +0000 (16:09 +0200)]
Remove special socket_wrapper code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 12 Feb 2014 15:24:26 +0000 (16:24 +0100)]
replace: Add socket_wrapper_enabled().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 3 Jul 2013 12:17:00 +0000 (14:17 +0200)]
s4-torture: Remove socket_wrapper testsuite.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 4 Mar 2014 12:52:52 +0000 (13:52 +0100)]
selftest: Disable loading ldb modules with RTLD_DEEPBIND.
This is needed in order to allow the ldb_*ldap module
to work with a preloaded socket wrapper.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 4 Mar 2014 12:50:41 +0000 (13:50 +0100)]
ldb: Add a env variable to disable RTLD_DEEPBIND.
We need a way to disable this in order to allow the
ldb_*ldap modules to work with a preloaded socket wrapper.
The only known user is the bind_dlz module,
but symbol versioniong might be enough...
So in future we may remove this completely
or at least invert the default behavior.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 3 Jul 2013 12:26:49 +0000 (14:26 +0200)]
s3-libads: Use ldap_initialize() if available.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 20 Feb 2014 09:34:49 +0000 (10:34 +0100)]
selftest: Rename WINBINDD_SOCKET_DIR environment variable.
It is very confusing if the env var uses the same name as the define in
the source code. So prefix it with SELFTEST.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 13 Feb 2014 14:53:29 +0000 (15:53 +0100)]
wbclient: Check with nss_wrapper_enabled().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 27 Jun 2013 14:12:47 +0000 (16:12 +0200)]
selftest: Write the nss_wrapper hosts file.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 12 Jun 2013 13:42:01 +0000 (15:42 +0200)]
selftest: Set NSS_WRAPPER_MODULE variables for NSS module.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 3 Jul 2013 12:08:04 +0000 (14:08 +0200)]
selftest: Add the user running the test to passwd.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 31 Jan 2014 15:34:25 +0000 (16:34 +0100)]
selftest: Preload nss_wrapper
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 31 Jan 2014 14:57:43 +0000 (15:57 +0100)]
lib: Change nss_wrapper to preloadable version.
This imports nss_wrapper version 1.0.2.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 3 Jul 2013 12:04:57 +0000 (14:04 +0200)]
Remove special nss_wrapper code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 3 Jul 2013 12:07:30 +0000 (14:07 +0200)]
s4-torture: Remove nss_wrapper testsuite.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 8 Apr 2014 08:07:14 +0000 (10:07 +0200)]
replace: Add nss_wrapper_hosts_enabled().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 7 Apr 2014 14:32:20 +0000 (16:32 +0200)]
replace: Add nss_wrapper_enabled().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 7 Apr 2014 14:29:21 +0000 (16:29 +0200)]
lib: Add missing include for unistd.h in unix_privs.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 7 Apr 2014 14:27:22 +0000 (16:27 +0200)]
lib: Add missing include for unistd.h in setid.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 6 Nov 2013 16:43:19 +0000 (17:43 +0100)]
s3: Use root_mode() to get uid_wrapper working correctly.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 6 Nov 2013 17:00:31 +0000 (18:00 +0100)]
s3-lib: Add root_mode() which can deal with uid_wrapper.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 9 Sep 2013 14:28:18 +0000 (16:28 +0200)]
libwbclient: Handle uid_wrapper for pipe access.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 17 Jan 2014 15:06:42 +0000 (16:06 +0100)]
s4-ntfs: Improve uid check in wrapper mode.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 2 Apr 2014 13:42:29 +0000 (15:42 +0200)]
s3-utils: Do not disable the root check in smbpasswd.
We will run uid_wrapper as root so that this succeeds.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 29 Jul 2013 11:50:06 +0000 (13:50 +0200)]
testprogs: Fix tests calling smbpasswd.
smbpasswd has a check that it is root so make sure we start with
uid_wrapper being root!
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 2 Apr 2014 13:41:34 +0000 (15:41 +0200)]
selftest: Call smbpasswd as root.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 3 Apr 2014 08:42:30 +0000 (10:42 +0200)]
selftest: Enable uid_wrapper globally.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 3 Jul 2013 10:55:29 +0000 (12:55 +0200)]
selftest: Pass uid_wrapper library to selftest and preload it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 3 Jul 2013 10:52:52 +0000 (12:52 +0200)]
Remove uid_wrapper related code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 17 Jan 2014 13:43:01 +0000 (14:43 +0100)]
lib: Change uid_wrapper to preloadable version.
This imports version 1.0.1 of uid_wrapper.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 17 Jan 2014 14:23:54 +0000 (15:23 +0100)]
replace: Add uid_wrapper_enabled().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 20 Jan 2014 11:37:44 +0000 (12:37 +0100)]
wafsamba: Add set_target to CHECK_BUNDLED_SYSTEM.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>